Some tips to optimize the library

[TanakaYasen]

would you like to restore _WMI_LOGGER_CONTEXT::GetCpuClock in IfhRelease as a complete release.

I haven't tried yet though, is there a need to scan stack by INFINITYHOOK_MAGIC_1 INFINITYHOOK_MAGIC_2 every time enter syscall. AFAIK it hurts perfermance to some extent. or maybe when enter KiSystemCall64 , address of [rsp+138h+Var_f8] is a fixed offset to PVOID* StackMax = (PVOID*)__readgsqword(OFFSET_KPCR_RSP_BASE) .

[SpriteOvO]

would you like to restore _WMI_LOGGER_CONTEXT::GetCpuClock in IfhRelease as a complete release.

Restarting the CKCL session will restore the GetCpuClock pointer to its original value, so there is no need to restore it manually.